Remove Extended Stored Procedures from your Database

When using MS SQL as the backend database for your Virtual Center, make sure that the following extended stored procedures have been removed or switched off.

This matters because procedures like xp_cmdshell allow full access to the underlying operating system.

Entities:

xp_availablemedia
xp_cmdshell
xp_dirtree
xp_dnsinfo
xp_enumdsn
xp_enumerrorlogs
xp_enumgroups
xp_eventlog
xp_fixeddrives
xp_getfiledetails
xp_getnetname
xp_logevent
xp_loginconfig
xp_msver
xp_readerrorlog
xp_servicecontrol
xp_sprintf
xp_sscanf
xp_subdirs

Remediation: Remove

Risk Level: High
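
An audit query for the list above, added here as an example and not part of the original checklist. It assumes SQL Server 2008 or later and a login that can read the catalog views in master; the column aliases are illustrative.

```sql
-- Added example: report which of the listed extended stored procedures are
-- still registered in master and which principals may execute them.
USE master;

DECLARE @procs TABLE (name sysname PRIMARY KEY);
INSERT INTO @procs (name) VALUES
    ('xp_availablemedia'), ('xp_cmdshell'),      ('xp_dirtree'),
    ('xp_dnsinfo'),        ('xp_enumdsn'),       ('xp_enumerrorlogs'),
    ('xp_enumgroups'),     ('xp_eventlog'),      ('xp_fixeddrives'),
    ('xp_getfiledetails'), ('xp_getnetname'),    ('xp_logevent'),
    ('xp_loginconfig'),    ('xp_msver'),         ('xp_readerrorlog'),
    ('xp_servicecontrol'), ('xp_sprintf'),       ('xp_sscanf'),
    ('xp_subdirs');

-- One row per procedure and grantee. A NULL grantee on a 'present' row means
-- no explicit EXECUTE permission is recorded for that procedure.
SELECT p.name AS procedure_name,
       CASE WHEN o.object_id IS NULL THEN 'absent' ELSE 'present' END AS status,
       pr.name       AS grantee,           -- 'public' means every login
       dp.state_desc AS permission_state   -- GRANT, DENY, ...
FROM @procs AS p
LEFT JOIN sys.all_objects AS o
       ON o.name = p.name
      AND o.type = 'X'                     -- 'X' = extended stored procedure
LEFT JOIN sys.database_permissions AS dp
       ON dp.class = 1                     -- object-level permission
      AND dp.major_id = o.object_id
      AND dp.permission_name = 'EXECUTE'
LEFT JOIN sys.database_principals AS pr
       ON pr.principal_id = dp.grantee_principal_id
ORDER BY p.name, grantee;

-- xp_cmdshell also has a server-wide switch: 0 = off, 1 = on.
SELECT name, CAST(value_in_use AS int) AS enabled
FROM sys.configurations
WHERE name = 'xp_cmdshell';

-- To switch xp_cmdshell off, uncomment and run as a sysadmin:
-- EXEC sp_configure 'show advanced options', 1; RECONFIGURE;
-- EXEC sp_configure 'xp_cmdshell', 0;           RECONFIGURE;
```

Rows with status 'present' and grantee 'public' are the ones to review first, since that grant applies to every login on the instance.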
